get_timer: don't use uninitialized memory get_timer with reset=1 is called both to initialize a timer object and to reset an already-initialized object. In an initial call, the content of the data structure is indeterminate, so the code should not read from it. This could crash if signed overflows trap, for example. As a consequence, on reset, we can't return the previously elapsed time as was previously done on Windows. Return 0 as was done on Unix.

commit: 2484ffeb81e1abe37ba55d8f465768f09fdfe732 [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Mon Oct 16 19:33:06 2017 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Wed Dec 20 22:12:19 2017 +0100
tree: d149ebad9433f52ee7c442f5a80247c6d10ff4c1
parent: de896ebd2677ab6873cc5e3b4bb57741bba53a00 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 8b11c18..b3bab77 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -44,6 +44,7 @@
    * Fix crash when calling mbedtls_ssl_cache_free() twice. Found by
      MilenkoMitrovic, #1104
    * Fix mbedtls_timing_alarm(0) on Unix.
+   * Fix use of uninitialized memory in mbedtls_timing_get_timer when reset=1.
 
 Changes
    * Extend cert_write example program by options to set the CRT version
commit	2484ffeb81e1abe37ba55d8f465768f09fdfe732	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Mon Oct 16 19:33:06 2017 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Wed Dec 20 22:12:19 2017 +0100
tree	d149ebad9433f52ee7c442f5a80247c6d10ff4c1
parent	de896ebd2677ab6873cc5e3b4bb57741bba53a00 [diff] [blame]